DETAILED ACTION 

1. The office action is in reply to an amendment filed on 12/19/2007. Claims 1,3-5,12,14,23-25,
27-29,34-39 have been amended. Claims 2,26,33 are canceled. Claims 1,3-25,27-32,34-39 are 
pending. 

Response to Arguments 

2. Applicant's arguments with respect to claim 1,3-13,23-25,27-39 have been considered but 
are moot in view of the new ground(s) of rejection. 

3. Applicant's arguments with respect to claims 14-22 have been considered but 
are not persuasive. 

4. The applicant argued that the combination of Massarani-Chien-Daude fails to 
disclose "receiving a request to update the ARP table from a Dynamic Host Configuration 
Protocol (DHCP) subsystem of a network device in a DHCP message that indicates a 
network layer address and a corresponding data link layer address". The examiner 
disagrees and points out that the combination of Massarani-Chien-Daude teaches receiving a 
request to update the ARP table from a Dynamic Host Configuration Protocol (DHCP) 
subsystem of a network device in a DHCP message that indicates a network layer address 
and a corresponding data link layer address (See Chien 0063-0066 (i.e., DHCP message to 
assist in updating the ARP table)). 

Claim Rejections - 35 USC §103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1,3,6-8,10-13,23-25,27,30-32,34,37-39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Sharma et al (hereinafter referred as Sharma) US 6,754,716 in view of 
Daude et al (hereinafter referred as Daude) US Patent No 7,231,660 B1 and further in view of 
Garrett et al (hereinafter referred as Garrett) US Pub No 2002/0023174 A1. 

7. As per claims 1,23-25: Sharma discloses a method/computer-readable medium/apparatus 
of restricting Address Resolution Protocol (ARP) table updates to updates originating from 
authorized subsystems, the method comprising: receiving an instruction to update an ARP table 
(See Fig 6 step 602 and col 2 lines 39-43); determining whether the particular subsystem within 
the network device from which the instruction originated is authorized (See Fig 6 step 604 and 
col 3 lines 12-34, Fig 1 step 106); and only if the particular subsystem is authorized (See Fig 6 
step 604 and col 3 lines 12-34), then updating the ARP table based on the instruction (See Fig 6 
step 606 and col 2 lines 55-65 and col 7 lines 9-19). 

Sharma does not explicitly teach a particular subsystem of a network device comprising a 
plurality of subsystems. However Daude discloses a particular subsystem of a network device 
comprising a plurality of subsystems (See Fig 2 steps 201-205 and col 8 lines 50-67, col 9 lines 
4-60). 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the teaching method of Daude within Sharma method 
in order to provide secure communication among multiple network devices. 

The combination of Sharma and Daude does not explicitly teach wherein determining that 
the particular subsystem is authorized comprises determining that the particular subsystem is a 
Dynamic Host Configuration Protocol (DHCP) server, an authentication, authorization, 
accounting (AAA) server or a Network Translator (NAT); and only if the particular subsystem is 
authorized, then updating the ARP table based on the instruction. 

However Garrett teaches wherein determining that the particular subsystem is authorized 
comprises determining that the particular subsystem is a Dynamic Host Configuration Protocol 
(DHCP) server, an authentication, authorization, accounting (AAA) server or a Network 
Translator (NAT); and only if the particular subsystem is authorized, then updating the ARP table 
based on the instruction (See Fig 11 step 1101,1102,1103 and 0035,0038-0039). 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the teaching method of Garrett within the combination of 
Sharma and Daude method in order to provide secure communication among multiple network 
devices. 

8. As per claims 3,27,34: the combination of Sharma and Daude disclose the method 
wherein determining authorized comprise determining whether the particular subsystem is a 
Dynamic Host Configuration Protocol (DHCP) server is authorized. (See Garrett Fig 11 step 
1101,1102,1103 and 0035,0038-0039). 

9. As per claims 6,30,37: the combination of Sharma and Daude disclose the method further 
comprising: if the particular subsystem is not authorized, then preventing the ARP table from 
being updated based on the instruction (See Sharma Fig 5 step 504). 

10. As per claims 7,31,38: the combination of Sharma and Daude disclose the method further 
comprising: if the particular subsystem is not authorized, then performing the steps of: 
determining whether a particular network interface through which the instruction was received 
is contained in a set of one or more specified network interfaces (See Sharma col 5 line 44 
through col 6 line 10 and Fig 5 steps 502, 504); if the particular network interface is contained 
in the set, then preventing the ARP table from being updated based on the 
instruction (See Sharma Fig 5 step 504 and col 7 line 1-9); and if the particular 
network interface is not contained in the set, then updating the ARP table based 
on the instruction (See Sharma Fig 5 step 504 and col 7 line 1-9). 

11. As per claims 8,32,39: the combination of Sharma and Daude disclose the method further 
comprising: if the particular subsystem is not authorized, then performing the steps of: 
determining whether a particular network address indicated by the instruction is contained in a 
set of one or more specified network address (See Sharma col 5 line 44 through col 6 line 10 
and Fig 5 steps 502, 504); if the particular network address is contained in the set, then 
preventing the ARP table from being updated based on the instruction (See Sharma Fig 5 step 
504 and col 7 line 1-9); and if the particular network address is not contained in the set, then 
updating the ARP table based on the instruction (See Sharma Fig 5 step 504 and col 7 line 1-9). 

12. As per claim 10: the combination of Sharma and Daude disclose the method wherein the 
ARP table is updated only in response to instructions that are not ARP message (See 
Sharma col 3 lines 6-34). 

13. As per claim 11: the combination of Sharma and Daude disclose the method 
wherein determining whether the particular system is authorized comprises determining whether 
the particular subsystem is a Hypertext Transfer Protocol (HTTP) server (See Sharma col 4 lines 
22-51). 

14. As per claim 12: Sharma discloses a method of restricting Address Resolution Protocol 
(ARP) table updates to updates originating from authorized subsystems, the 
method comprising: receiving an instruction to update an ARP table (See 
Sharma Fig 6 step 602 and col 2 lines 39-43); determining whether a particular 
network interface through which the instruction was received is contained in a set of one or 
more specified network interfaces (See Sharma col 5 line 44 through col 6 line 10); 
determining whether a particular network address indicated by the instruction is contained in a 
set of one or more specified network addresses (See Sharma Fig 6 step 604 and col 3 lines 
12-34); if the particular network interface is not contained in the set of one or more specified 
network interfaces, and if the particular network address indicated by the instruction is not 
contained in the set of one or more specified network addresses, then updating the ARP table 
based on the instruction (See Sharma col 2 lines 55-65 and col 7 lines 1-9); and 
if the particular network interface is contained in the set of one or more specified 
network interfaces, or if the particular network address is contained in the set of one or 
more specified network addresses, then performing steps comprising: determining whether a 
particular subsystem from which the instruction originated is authorized (See Sharma Fig 6 step 
604 and col 3 lines 12-34); only if the particular subsystem is authorized, then updating the ARP 
table based on the instruction (See Sharma col 7 lines 9-15); and if the particular subsystem is not 
authorized, then preventing the ARP table from being updated based on the instruction (See 
Sharma col 7 lines 1-9). 

Sharma does not explicitly disclose a network device on a particular network device 
among a plurality of network interfaces. 

However Daude discloses a network device on a particular network device among a 
plurality of network interfaces (See Daude col 8 lines 51-67 and Fig 2 steps 201-205). 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the teaching method of Daude within Sharma method 
in order to provide secure communication among multiple network devices. 

The combination of Sharma and Daude does not explicitly teach wherein determining that 
the particular subsystem is authorized comprises determining that the particular subsystem is a 
Dynamic Host Configuration Protocol (DHCP) server, an authentication, authorization, 
accounting (AAA) server or a Network Translator (NAT); and only if the particular subsystem is 
authorized, then updating the ARP table based on the instruction. 

However Garrett teaches wherein determining that the particular subsystem is authorized 
comprises determining that the particular subsystem is a Dynamic Host Configuration Protocol 
(DHCP) server, an authentication, authorization, accounting (AAA) server or a Network 
Translator (NAT); and only if the particular subsystem is authorized, then updating the ARP table 
based on the instruction (See Fig 11 step 1101,1102,1103 and 0035,0038-0039). 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the teaching method of Garrett within the combination of 
Sharma and Daude method in order to provide secure communication among multiple network 
devices. 

15. As per claim 13: the combination of Sharma and Daude disclose wherein receiving the 
instruction to update the ARP table comprises receiving an ARP message that indicates an 
association between a network layer address and a data link layer address. (See Sharma Fig 2 
step 200 and Fig 6 step 606) 

16. Claims 4-5,28-29,35-36 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sharma et al (hereinafter referred as Sharma) US 6,754,716 in view of Daude et al 
(hereinafter referred as Daude) US Patent No 7,231,660 B1 and further in view of Garrett 
et al (hereinafter referred as Garrett) US Pub No 2002/0023174 and further in view of 
Wilson (US Pub No 2001/0054101). 

17. As per claims 4,28,35: the combination of Sharma-Daude-Garrett discloses claim 1 as 
recited above. Sharma-Daude-Garrett do not disclose the method wherein determining whether 
the particular system is authorized comprises determining whether the particular subsystem is 
NAT server. 

However Wilson teaches the method wherein determining whether the particular system 
is authorized comprises determining whether the particular subsystem is NAT server. (See 0007 
Fig 3 steps 314,316) 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Sharma-Daude-Garrett to 
include determining whether the particular system is authorized comprises determining whether 
the particular subsystem is NAT server. 

This modification would have been obvious because a person having ordinary skill in the 
art would have been motivated to do so, as suggested by (See col 3 lines 16-19) in order to 
restrict communications between network devices on common subnet such as any network 
devices can be restricted to communicating only with a predefined set of authorized of validated 
network devices. 

18. As per claims 5,29,36: the combination of Sharma-Daude-Garrett disclose claim 1 as 
recited above. Sharma-Daude-Garrett do not disclose the method wherein determining whether 
the particular system is authorized comprises determining whether the particular subsystem is an 
authentication authorization accounting (AAA) server. 

However Wilson teaches determining whether the particular system is authorized 
comprises determining whether the particular subsystem is an authentication authorization 
accounting (AAA) server (See 0007 Fig 3 steps 314,316) 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Sharma and Daude to include a 
Dynamic Host Configuration Protocol Server, an Authentication, and Authorization, Accounting 
(AAA) server or a Network Address Translator (NAT). 

This modification would have been obvious because a person having ordinary skill in the 
art would have been motivated to do so, as suggested by Sharma (See col 1 line 66 through col 2 
line 3) in order to restrict communications between network devices on common subnet such as 
any network devices can be restricted to communicating only with a predefined set of authorized 
of validated network devices. 

19. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sharma et al 
(hereinafter referred as Sharma) US 6,754,716 in view of Daude et al (hereinafter referred 
as Daude) US Patent No 7,231,660 B1 and further in view of Garrett et al (hereinafter 
referred as Garrett) US Pub No 2002/0023174 A1 and in further view of Massarani (US 
6,393,484 B1). 

20. As per claim 9: the combination of Sharma-Daude-Garrett disclose claim 1 as recited 
above. The combination of Sharma-Daude-Garrett do not disclose the method comprising 
determining whether a specified amount of time has passed since a time indicated by a 
timestamp associated with an entry in the ARP table; and if the specified amount of time has 
passed then removing the entry from the ARP table. 

However Massarani teaches the method comprising determining whether a specified 
amount of time has passed since a time indicated by a timestamp associated with an entry in the 
ARP table (See abstract and See Fig 7 steps 701); and if the specified amount of time has passed 
then removing the entry from the ARP table (See abstract and See Fig 7 steps 701). 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Sharma-Daude-Garrett to 
include determining whether a specified amount of time has passed since a time indicated by a 
timestamp associated with an entry in the ARP table; and if the specified amount of time has 
passed then removing the entry from the ARP table. 

This modification would have been obvious because a person having ordinary skill in the 
art would have been motivated to do so, as suggested by Massarani (See col 3 lines 16-19) 
in order to prevent unauthorized devices and users from obtaining network services in a dynamic 
user address environment. 
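
The decision flow recited above for claim 12, together with the timestamp-based removal recited for claim 9, modeled as an added example; it is not code from the application or from any cited reference. The class, field and interface names and the sample instructions are constructed assumptions.

```python
from dataclasses import dataclass, field

# Subsystems treated as authorized, following the claim language (DHCP, AAA, NAT).
AUTHORIZED_SUBSYSTEMS = frozenset({"dhcp", "aaa", "nat"})


@dataclass(frozen=True)
class UpdateInstruction:
    source: str      # originating subsystem; "arp" = ARP message received on the wire
    interface: str   # interface the instruction arrived through
    ip: str          # network layer address
    mac: str         # data link layer address


@dataclass
class GuardedArpTable:
    protected_interfaces: frozenset
    protected_addresses: frozenset
    max_age: float = 300.0                        # seconds before an entry is removed
    entries: dict = field(default_factory=dict)   # ip -> (mac, timestamp)
    rejected: list = field(default_factory=list)  # refused instructions, kept for alerting

    def apply(self, ins: UpdateInstruction, now: float) -> bool:
        # Claim 12: an instruction is restricted if it arrives on a specified
        # interface OR names a specified address; otherwise it is applied as-is.
        restricted = (ins.interface in self.protected_interfaces
                      or ins.ip in self.protected_addresses)
        # Restricted instructions are applied only for an authorized subsystem.
        if restricted and ins.source not in AUTHORIZED_SUBSYSTEMS:
            self.rejected.append(ins)
            return False
        self.entries[ins.ip] = (ins.mac, now)
        return True

    def expire(self, now: float) -> list:
        # Claim 9: remove entries whose timestamp is older than the specified time.
        stale = sorted(ip for ip, (_, ts) in self.entries.items()
                       if now - ts > self.max_age)
        for ip in stale:
            del self.entries[ip]
        return stale


def demo():
    # Constructed scenario: eth1 is a specified interface, 10.0.0.1 a specified address.
    table = GuardedArpTable(frozenset({"eth1"}), frozenset({"10.0.0.1"}))
    sample = [
        UpdateInstruction("dhcp", "eth1", "10.0.0.50", "aa:bb:cc:00:00:50"),
        UpdateInstruction("arp", "eth1", "10.0.0.50", "de:ad:be:ef:00:01"),
        UpdateInstruction("arp", "eth0", "10.0.0.1", "de:ad:be:ef:00:02"),
        UpdateInstruction("arp", "eth0", "192.168.1.7", "aa:bb:cc:00:00:07"),
    ]
    results = [table.apply(ins, now=1000.0) for ins in sample]
    table.apply(sample[0], now=1200.0)   # authorized refresh resets the timestamp
    removed = table.expire(now=1400.0)   # only the entry older than max_age goes
    return results, removed, table


if __name__ == "__main__":
    print(demo()[:2])
```

The refused instructions are retained in `rejected` so that a monitoring process can report ARP messages that tried to rebind a restricted interface or address.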

21. Claims 14-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Massarani 
(hereinafter referred as Massarani) US 6,393,484 B1 in view of Chien et al (hereinafter 
referred as Chien) US Pub No 20030115345 and further in view of Daude et al (hereinafter 
referred as Daude) US Patent No 7,231,660 B1. 

22. As per claim 14: Massarani discloses the method of sending an instruction to update an 
Address Resolution Protocol (ARP) table in a system in which ARP table updates are restricted 
to updates originating from authorized subsystems, the method comprising: in response to 
receiving the message, determining whether the network layer address is bound with a data link 
layer address in the ARP table (See Fig 3 step 310 and col 5 lines 31-54); and only (See Fig 3 
step 310 and col 5 lines 31-54); and if the network layer address is not bound with a data link 
layer address, then sending an instruction to update an ARP table (See Fig 4 step 416 and col 5 
lines 31-54). 

Massarani does not explicitly teach receiving a request to update the ARP table from a 
Dynamic Host Configuration Protocol (DHCP) in a DHCP subsystem of network device in a 
DHCP message that indicates a network layer address and corresponding data link layer address 
(See Fig 3 step 308 and col 5 lines 31-54); 

However Chien teaches receiving a request to update the ARP table from a Dynamic 
Host Configuration Protocol (DHCP) in a DHCP message that indicates a network layer address 
(See paragraph 0063-0066) 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Massarani to include receiving a 
request to update the ARP table from a Dynamic Host Configuration Protocol (DHCP) in a 
DHCP message that indicates a network layer address. 

This modification would have been obvious because a person having ordinary skill in the 
art would have been motivated to do so, as suggested by Massarani (See col 3 lines 16-19) 
in order to prevent unauthorized devices and users from obtaining network services in a dynamic 
user address environment. 

The combination of Massarani and Chien do not disclose subsystem of a network device 
comprising a plurality of subsystems. 

However Daude discloses subsystem of a network device in a DHCP message (See Fig 2 
steps 201-205 and col 8 lines 50-67,col 9 lines 4-60). 

Therefore it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the teaching method of Daude within the combination of 
Massarani and Chien in order to provide secure communication among multiple network devices. 

23. As per claim 15: the combinations of Massarani-Chien-Daude disclose the method 
wherein the instruction is to update the ARP table to contain a binding between the network layer 
address and data link layer address of a DHCP client that sent the message (Massarani col 5 lines 
31-54) 

24. As per claim 16: the combinations of Massarani-Chien-Daude disclose the method 
comprising determining whether a lease associated with the network layer address has expired 
(See Massarani col 7 lines 27-37); and if the lease has expired, then sending an instruction to 
update the ARP table (See abstract). 

25. As per claim 17: the combinations of Massarani-Chien-Daude disclose the method 
determining whether a lease associated with the network layer address has expired (See 
Massarani col 7 lines 27-37); and if the lease has expired, then sending an instruction to remove, 
from the ARP table, an entry that contains the network layer address (See Massarani col 7 lines 
27-37). 

26. As per claim 18: the combinations of Massarani-Chien-Daude disclose the method 
comprising receiving a particular DHCP message that requests an extension of a lease (See 
Massarani abstract); and in response to receiving the particular DHCP message, sending an 
instruction to update the ARP table (See Massarani abstract). 

27. As per claim 19: the combinations of Massarani-Chien-Daude disclose the method 
comprising receiving a particular DHCP message that relinquishes a lease (See abstract); and in 
response to receiving the particular DHCP message, sending an instruction to update the ARP 
table (See Massarani abstract). 

28. As per claim 20: the combinations of Massarani-Chien-Daude disclose the method 
comprising if the network layer address is not bound with a data link layer address, then sending 
an instruction to start a process in connection with the network layer address (See Massarani col 
5 lines 25-54). 

29. As per claim 21: the combinations of Massarani-Chien-Daude disclose the method 
comprising determining whether a lease associated with the network layer address has expired 
(See Massarani Fig 6 step 603); and if the lease has expired, then sending an instruction to stop a 
process in connection with the network layer address (See Massarani Fig 6 step 603 and col 7 
lines 9-23). 

30. As per claim 22: the combinations of Massarani-Chien-Daude disclose the method 
comprising receiving a particular DHCP message that relinquishes a lease (See Massarani Fig 6 
step 601); and in response to receiving the particular DHCP message, sending an instruction to 
stop a process in connection with the network layer address (See Massarani Fig 7 step 704 and 
col 7 lines 9-23). 



Conclusion 

31. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fikremariam Yalew whose telephone number is 5712723852. 
The examiner can normally be reached on 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Moazzami Nasser can be reached on 571-272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Fikremariam Yalew Art Unit 2136 

03/03/2007 

FA 



/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 